Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVnDysuF-4HZ3qVEVtfcqWJu7EQ.roa
File:                     oVnDysuF-4HZ3qVEVtfcqWJu7EQ.roa (raw, json)
Hash identifier:          jB2cerTqLhYF+FsbY0AoJ2I2rAcia6vbJgIW+azKFGs=
Subject key identifier:   A1:59:C3:CA:CB:85:FB:81:D9:DE:A5:44:56:D7:DC:A9:62:6E:EC:44
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0191757B554B8387B5356D26E4DE93A9FD2A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVnDysuF-4HZ3qVEVtfcqWJu7EQ.roa
Signing time:             Wed 21 Aug 2024 15:08:22 +0000
ROA not before:           Wed 21 Aug 2024 15:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7203
IP address blocks:        2a0f:1e84::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:75:7b:55:4b:83:87:b5:35:6d:26:e4:de:93:a9:fd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 21 15:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a159c3cacb85fb81d9dea54456d7dca9626eec44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:06:bc:c2:e2:a1:ed:fa:16:e9:e5:61:7b:9a:
                    9f:f0:68:6c:68:60:57:f8:b3:d2:b1:d0:16:7c:9d:
                    99:08:94:8f:54:9f:6a:6e:bb:94:ae:12:13:d7:72:
                    a1:50:16:07:21:8b:4f:d0:86:53:43:ee:28:01:f5:
                    ab:7f:14:4f:a1:81:c4:02:5d:4f:27:08:8a:b6:ec:
                    43:71:36:4a:75:62:6b:c8:67:11:ec:90:05:ae:47:
                    ba:d1:77:c6:0b:95:a3:aa:67:39:9d:af:96:65:66:
                    a8:62:b5:14:cc:f1:d6:18:a5:fc:9e:66:b6:3c:bd:
                    23:50:4a:41:f8:57:09:dc:1d:71:49:00:5c:3a:3b:
                    04:2c:4f:2f:3b:54:59:9c:77:f0:92:2e:fc:c9:ec:
                    f9:09:1c:20:41:35:c3:53:50:6a:29:10:a2:c5:4e:
                    60:93:50:84:23:e3:ab:83:83:61:23:cd:ce:92:16:
                    0e:ad:c2:a4:60:66:e4:0f:d1:08:29:4f:37:c0:73:
                    ac:3b:5a:3d:77:3f:89:cf:dc:2c:9c:a1:25:b9:e9:
                    ef:aa:e0:50:3c:9c:0b:90:28:0a:8f:31:42:21:18:
                    99:fc:d1:72:51:1f:6d:ca:74:47:87:f1:48:f9:8c:
                    5a:4b:a3:21:54:33:36:ce:f2:1e:2e:79:22:d7:bc:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:59:C3:CA:CB:85:FB:81:D9:DE:A5:44:56:D7:DC:A9:62:6E:EC:44
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVnDysuF-4HZ3qVEVtfcqWJu7EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1e84::/32

    Signature Algorithm: sha256WithRSAEncryption
         c8:3c:12:f7:59:e5:3d:fb:be:1a:cb:9a:55:90:fa:c8:78:20:
         23:51:c9:c8:99:b5:54:53:8e:74:7a:8f:0f:c4:17:a5:bb:a0:
         bd:4b:a6:60:ee:70:ad:48:02:21:3d:00:fc:2f:c2:14:fd:48:
         a1:86:ca:12:06:75:4b:4c:c6:4a:3a:4d:e3:7b:54:cd:3b:7c:
         3f:35:9b:2a:ab:c8:91:72:aa:25:29:6a:62:b3:38:0e:ae:a7:
         7e:5b:a8:f8:f4:6a:e3:da:cb:04:cc:b7:b8:2c:cd:09:4c:7b:
         08:d3:bf:68:c3:7a:d7:f1:b4:14:8d:9c:ef:0a:56:71:69:a4:
         62:6d:c8:ce:ae:60:2b:e8:39:2e:f4:2e:f7:40:6e:44:6c:55:
         95:a1:fa:c5:09:87:55:2c:7a:a9:23:d7:dc:a6:f6:f3:22:6f:
         95:18:9c:94:ed:17:9a:3e:83:86:5c:b5:71:d7:12:78:11:88:
         c5:ba:18:54:f6:de:3d:d8:3d:c2:19:58:b6:f2:a1:b1:18:b5:
         a6:34:58:76:ff:c7:52:23:7f:e5:77:60:30:e1:ab:8e:52:a9:
         e3:de:5f:dc:c2:60:5d:1c:05:a5:d8:42:3e:f0:41:f0:ec:e2:
         08:4a:bc:87:41:ec:35:50:d4:a7:86:bd:fd:93:e1:f2:b7:9d:
         e9:26:21:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZF1e1VLg4e1NW0m5N6Tqf0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODIxMTUwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTU5YzNjYWNiODVmYjgxZDlkZWE1NDQ1NmQ3ZGNhOTYyNmVlYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwa8wuKh7foW6eVhe5qf8GhsaGBX
+LPSsdAWfJ2ZCJSPVJ9qbruUrhIT13KhUBYHIYtP0IZTQ+4oAfWrfxRPoYHEAl1P
JwiKtuxDcTZKdWJryGcR7JAFrke60XfGC5Wjqmc5na+WZWaoYrUUzPHWGKX8nma2
PL0jUEpB+FcJ3B1xSQBcOjsELE8vO1RZnHfwki78yez5CRwgQTXDU1BqKRCixU5g
k1CEI+Org4NhI83OkhYOrcKkYGbkD9EIKU83wHOsO1o9dz+Jz9wsnKEluenvquBQ
PJwLkCgKjzFCIRiZ/NFyUR9tynRHh/FI+YxaS6MhVDM2zvIeLnki17xDywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKFZw8rLhfuB2d6lRFbX3KlibuxEMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb1ZuRHlzdUYtNEhaM3FWRVZ0ZmNxV0p1N0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8ehDAN
BgkqhkiG9w0BAQsFAAOCAQEAyDwS91nlPfu+GsuaVZD6yHggI1HJyJm1VFOOdHqP
D8QXpbugvUumYO5wrUgCIT0A/C/CFP1IoYbKEgZ1S0zGSjpN43tUzTt8PzWbKqvI
kXKqJSlqYrM4Dq6nfluo+PRq49rLBMy3uCzNCUx7CNO/aMN61/G0FI2c7wpWcWmk
Ym3Izq5gK+g5LvQu90BuRGxVlaH6xQmHVSx6qSPX3Kb28yJvlRiclO0Xmj6Dhly1
cdcSeBGIxboYVPbePdg9whlYtvKhsRi1pjRYdv/HUiN/5XdgMOGrjlKp495f3MJg
XRwFpdhCPvBB8OziCEq8h0HsNVDUp4a9/ZPh8red6SYhPQ==
-----END CERTIFICATE-----